Information Security Policy

Information Security Policy

1. OBJECTIVE

To protect information assets (value groups, information, processes, information technologies including hardware and software), by establishing general guidelines for the application of information security in the management of internal processes.

2. SCOPE OF APPLICATION

This policy applies to all interested parties that interact with the company Frigorifico de la Costa S.A.S.

3. POLICIES 

Frigorifico de la Costa S.A.S. is committed to:

  1. understand and treat operational and strategic risks in information security so that they remain at acceptable levels for the organization.
  2. Protecting the confidentiality of information related to customers and development plans.
  3. Preserving the integrity of the accounting records.
  4. Publicly accessible Web services and internal networks meet the required availability specifications.
  5. We control all incoming and outgoing information on mail, outgoing and USB ports, LAN, blocking and managing these resources.
  6. Passwords are available for each computer unit and access controls to hardware and software systems.
  7. Understanding and meeting the needs of all stakeholders.
  8. This organization faces risk taking and tolerates those risks that, based on available information, are understandable, controlled and dealt with when necessary.
  9. All personnel shall be informed and responsible for the security of the information they administer and manage, as relevant to the performance of their work.
  10. Funding shall be available for the operational management of controls related to information security and in the management processes for its implementation and maintenance.
  11. Fraud possibilities related to the abusive use of information systems shall be taken into account within the overall management of information systems.
  12. Regular confidential reports with information on the security situation shall be made available.
  13. Information security risks shall be monitored and relevant measures shall be taken when there are changes that imply an unacceptable level of risk.
  14. The criteria for risk classification and acceptance are referenced in the Security area.
  15. Situations that may expose the organization to the violation of laws and legal regulations will not be tolerated.